Browser Fingerprinting: Why it’s Such a Huge Problem

David Janssen
David Janssen
By: David Janssen Reading time: 7 minutes Update: 08-06-2021
browser fingerprinting featured image

Nowadays it can be terribly difficult to remain anonymous online. There are many methods that can identify you online. Checking an IP address is one of the easiest and most straightforward detection methods out there. You might also reveal your identity through cookies, malware, using the same email address across sites, or by just logging into an account with your real name and picture.

Luckily, there are some things you can do to stay relatively anonymous online. A VPN can mask (change) your IP address. But it does not hide every detail about your device and browser. For instance, you still pass on what Operating System you are using, what screen resolution you have, or what fonts you have installed on your device. Trackers have caught on to this and managed to use this to their advantage to identify you. This article will take you through the basics of browser fingerprinting and what you need to know about it.

More and more people protect their online privacy these days. Because of this companies had to find new techniques to identify you online. The most persistent and thorough technique by far is browser fingerprinting (sometimes also called device fingerprinting).

What is Browser Fingerprinting?

Browser fingerprinting is a way for websites and other online trackers to assign a unique profile (or “fingerprint”) to you in order to track you across the web. This fingerprint will then collect your internet behavior, patterns, interests and thus invade your privacy for advertising or other unspecified purposes.

So, even without your real IP address, browser fingerprinting can identify and track you through user-specific data. Instead of trying to figure out your real IP address, fingerprinting focuses on user-specific data about the browser and computer you are using. They can use details, such as your screen resolution, graphics card, plugins etc., to assign you a unique fingerprint. Browser fingerprinters are sometimes called “cookieless monsters” because they do not have to be installed on your computer or in your browser. They will recognize you without implanting anything. The method of fingerprinting is more detailed than cookies are, does not have to be installed, cannot be deleted and as of yet there isn’t a solution for it.

How Does Browser Fingerprinting Work?

Laptop Leaking InformationAs you visit a website, your browser is programmed to pass along a certain amount of information to that website so it can be accurately loaded. With some simple codes and requests, websites can ask browsers to reveal an absurd amount of data about your browser and device. These are details such as your operating system, screen resolution, fonts, extensions, plugins, graphics card, an your latest updates. And the list goes on and leaves them with a unique combination of details that make you identifiable online. Computers are complex and have so many different levels and versions of software, hardware, firmware, updates, settings, preferences etc. This means that every single user can be uniquely identified with these different settings. And this is exactly what happens with browser fingerprinting.

A unique code

These details, however, do not reveal who you are. Not directly, that is. Not every unique fingerprint or computer is assigned to a name or individual, after all. Because each fingerprint (i.e. the unique collection of specific device and browser data) does not have a name, they can assign you one. They give you a unique fingerprint code. You have one right now, even though you don’t know about it. A browser fingerprint looks like this:

cd1df51c8e2cfa514dfd8b59de2ed757

This string of letters and numbers does not say anything specifically about you, but it is nevertheless an identifier. It is a way for the site to recognize you when you come and go, what you look at, what kind of content appeals to you, and so on. As you browse the web, specific behavior, interests, websites, and patterns are logged. They can connect these to that string of numbers and letters. If you log into a website that contains your personal information, such as Gmail or Facebook, you link yourself to this identifier. This is temporary because people do not keep the same browser and device forever. Eventually you will get a new one, and then your fingerprint changes.

What are Some Concrete Examples of Browser Fingerprinting?

Desktop With Logos of Browsers Edge Brave VivaldiListing every possible way a computer or browser can be fingerprinted would be an impossible job. There is simply too much to mention. Think of any small detail that your computer or browser has that another one hasn’t — and then multiply by each single variable. The list is endless.

However, there are some very specific “categories” for which you can check. These include, but are not limited to: fonts, monitor resolution, headers, WebGL, WebRTC, media Devices API, MIME Types, Web Speech API, Touch API, Battery status API, System Uptime, Timezone and Clock offset, JavaScript performance fingerprinting, and many more.

For a specific look at some of these categories and how your browser fingerprint compares, have a look at browserleaks.com 

Some other websites where you can get a better idea or feel for your browser fingerprint are:

Interesting to note is that, one test might be unable to identify you while another test can identify you. There are so many different techniques that it is practically impossible to fool every single metric.

Why is Browser Fingerprinting Such a Problem?

Browser fingerprinting gives big-tech companies such as Facebook and Google (as well as their advertising customers), oppressive regimes, hackers, stalkers, etc. the opportunity to invade everyone’s privacy without any consideration of a user’s consent or even knowledge. This renders people who wish to simply be left alone, not be influenced by ads, investigate controversial subjects, or state unpopular opinions, incapable of doing so without fear of investigation or online reprisals. Moreover, current European Union guidelines on online privacy stipulate that citizens have to be informed about the kind of tracking methods that are employed on a website and have to actively consent or “opt-in” before such tracking takes place. The application of browser fingerprinting is a major disregard of this privacy guideline.

Is There a Solution to Browser Fingerprinting?

The short answer is no. This is the tragic thing about fingerprinting. There is no single solution or method you can utilize that will magically resolve the issue. However, there are a few things you can do and avoid to make sure it gets slightly more difficult to track you. That’s why we’ll give some tips on this down below.

Useful anti-browser fingerprinting tips

  • Do not use one browser for everything: separate your activities according to browsers. That way, each browser has a unique fingerprint and cannot be interlinked. This means you can separate your download behavior from your social media behavior, for example.
  • Don’t log into an account that contains your personal information with a browser that you use for anonymous purposes.
  • Don’t browse without a VPN. Browser fingerprinting makes it harder for you to stay anonymous, but this does not mean you should make it easier for trackers to follow you. Hiding your IP address and encrypting your internet traffic is still a valid and important part of protecting your online safety and anonymity.

Extensions and tools which offer some protection

  • Installing an extension or two isn’t going to make browser fingerprinting magically go away. In some cases extensions can even backfire. However, some of them are of some use to limit browser fingerprinting. If you do use such an extension, make sure you opt for settings that are as generic as possible. This way your browser and device will “blend in” much more.
  • When using an extension, make sure to choose one which generates and sends out randomized data. This is a great way to confuse browser fingerprinters and stay more anonymous. One such extension is CyDec Platform Anti-Fingerprinting for example.
  • Consider running several virtual machines on your PC. This is another way to greatly fragment your internet traffic and as such make it more difficult for browser fingerprinters to track you. A popular virtual machine used all over the world is Oracle’s VirtualBox.

In Summary

Browser fingerprinting is such a huge problem because it invades your privacy in such a way that you cannot fully protect yourself by using a VPN, a specific browser, special browser extensions, or some other form of privacy software. There is no perfect solution to the problem of browser fingerprinting. Sadly, you are easier to identify when you change a lot of your settings. If you install an extension to spoof your screen resolution, you’ll just be that one-in-a-million user who has an extension that spoofs their screen resolution. This makes you, if anything, more identifiable with browser fingerprinting.

The best way to reduce your fingerprint is by using multiple browsers for different purposes.

Cybersecurity analyst
David is a cybersecurity analyst and one of the founders of VPNoverview.com. Since 2014 he has been gaining international experience working with governments, NGOs, and the private sector as a cybersecurity and VPN expert and advisor.
More articles from the "Anonymous Browsing" section
1
Comments
Leave a comment

  1. Another good website that shows information that could be used for fingerprinting:
    https://www.deviceinfo.me

    Reply
Leave a comment